Merge branch '372-rate-limit' into 'dev'

add rate-limit to api server Closes #372 See merge request ergo/rosen-bridge/guard-service!337
rosen-bridge · Apr 17, 2024 · 964e2e1 · 964e2e1
2 parents bfe498d + 22b22e3
commit 964e2e1
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 4 deletions.
diff --git a/.changeset/late-dodos-swim.md b/.changeset/late-dodos-swim.md
@@ -0,0 +1,5 @@
+---
+'guard-service': minor
+---
+
+Add rate limit to all apis
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -31,7 +31,7 @@ jobs:
         uses: rosen-bridge/operation@V0.1
         with:
           type: ${{ vars.RELEASE_NAME }}
-          tag:  ${{ vars.RELEASE_TAG }}
+          tag: ${{ vars.RELEASE_TAG }}
 
       - name: Move the Files
         run: |

diff --git a/config/default.yaml b/config/default.yaml
@@ -7,6 +7,7 @@ api:
   apiKeyHash: '' # blake2b hash of Api-Key
   jsonBodyLimit: 50
   isManualTxRequestActive: false
+  maxRequestsPerMinute: 100_000
 
 cardano:
   networkType: 'mainnet' # Cardano network type [testnet, mainnet]

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -29,6 +29,7 @@
     "@chainsafe/libp2p-noise": "^10.2.0",
     "@emurgo/cardano-serialization-lib-nodejs": "^11.1.0",
     "@fastify/cors": "^8.3.0",
+    "@fastify/rate-limit": "^9.1.0",
     "@fastify/swagger": "^8.8.0",
     "@fastify/swagger-ui": "^1.9.3",
     "@fastify/type-provider-typebox": "^3.4.0",

diff --git a/src/configs/Configs.ts b/src/configs/Configs.ts
@@ -70,6 +70,10 @@ class Configs {
   static apiKeyHash = config.get<string>('api.apiKeyHash');
   static apiBodyLimit =
     getConfigIntKeyOrDefault('api.jsonBodyLimit', 50) * 1024 * 1024; // value in MB
+  static apiMaxRequestsPerMinute = getConfigIntKeyOrDefault(
+    'api.maxRequestsPerMinute',
+    100_000
+  );
   static isManualTxRequestActive = getOptionalConfig<boolean>(
     'api.isManualTxRequestActive',
     false
@@ -165,7 +169,10 @@ class Configs {
       const logTypeValidation = ['console', 'file', 'loki'].includes(log.type);
       let loggerChecks = true;
       if (log.type === 'loki') {
-        const overrideLokiBasicAuth = getOptionalConfig('overrideLokiBasicAuth', '');
+        const overrideLokiBasicAuth = getOptionalConfig(
+          'overrideLokiBasicAuth',
+          ''
+        );
         if (overrideLokiBasicAuth !== '') log.basicAuth = overrideLokiBasicAuth;
         loggerChecks =
           log.host != undefined &&

diff --git a/src/jobs/apiServer.ts b/src/jobs/apiServer.ts
@@ -14,6 +14,7 @@ import { healthRoutes } from '../api/healthCheck';
 import { tssRoute } from '../api/tss';
 import WinstonLogger from '@rosen-bridge/winston-logger';
 import { signRoute } from '../api/signTx';
+import rateLimit from '@fastify/rate-limit';
 
 const logger = WinstonLogger.getInstance().getLogger(import.meta.url);
 
@@ -66,6 +67,11 @@ const initApiServer = async () => {
     transformSpecificationClone: true,
   });
 
+  await apiServer.register(rateLimit, {
+    max: Configs.apiMaxRequestsPerMinute,
+    timeWindow: '1 minute',
+  });
+
   await apiServer.register(p2pRoutes);
   if (Configs.keygen.isActive) {
     await apiServer.register(keygenRoute);